public function TwigExtension::isUrlGenerationSafe in Drupal 9
Same name and namespace in other branches
- 8 core/lib/Drupal/Core/Template/TwigExtension.php \Drupal\Core\Template\TwigExtension::isUrlGenerationSafe()
Determines at compile time whether the generated URL will be safe.
Saves the unneeded automatic escaping for performance reasons.
The URL generation process percent encodes non-alphanumeric characters. Thus, the only character within a URL that must be escaped in HTML is the ampersand ("&") which separates query params. Thus we cannot mark the generated URL as always safe, but only when we are sure there won't be multiple query params. This is the case when there are none or only one constant parameter given. For instance, we know beforehand this will not need to be escaped:
- path('route')
- path('route', {'param': 'value'})
But the following may need to be escaped:
- path('route', var)
- path('route', {'param': ['val1', 'val2'] }) // a sub-array
- path('route', {'param1': 'value1', 'param2': 'value2'})
If param1 and param2 reference placeholders in the route, it would not need to be escaped, but we don't know that in advance.
Parameters
\Twig\Node\Node $args_node: The arguments of the path/url functions.
Return value
array An array with the contexts the URL is safe
File
- core/
lib/ Drupal/ Core/ Template/ TwigExtension.php, line 322
Class
- TwigExtension
- A class providing Drupal Twig extensions.
Namespace
Drupal\Core\TemplateCode
public function isUrlGenerationSafe(Node $args_node) {
// Support named arguments.
$parameter_node = $args_node
->hasNode('parameters') ? $args_node
->getNode('parameters') : ($args_node
->hasNode(1) ? $args_node
->getNode(1) : NULL);
if (!isset($parameter_node) || $parameter_node instanceof ArrayExpression && count($parameter_node) <= 2 && (!$parameter_node
->hasNode(1) || $parameter_node
->getNode(1) instanceof ConstantExpression)) {
return [
'html',
];
}
return [];
}